Ticket #344 (closed Enhancement: fixed)

Opened 8 years ago

Last modified 8 years ago

Store ACLs outside the graph

Reported by: jri Owned by: jri
Priority: Major Milestone: Release 4.1
Component: DeepaMehta Standard Distribution Version: 4.0.12
Keywords: Cc: dgf, Malte
Complexity: 8 Area:
Module: deepamehta-accesscontrol

Description

... that is, not as topics themselves but as properties of Neo4j nodes.

Representing ACLs as topic trees has proven not as efficient.

Change History

comment:1 Changed 8 years ago by jri

Access Control: store ACLs outside graph (#344).

Core Service:

  • createTopicACL() is new method
  • createAssociationACL() is new method

de.deepamehta.core.service.accesscontrol is new package

Not yet functional.
Do not install the "revise-acl" branch.

See ticket 344.

Changeset: bb444d26115fdc8e44c0a4049990c191e1344478

comment:2 Changed 8 years ago by Jörg Richter

Access Control: read ACLs in new format (#344).

Core Service:

  • getTopicACL() is new method
  • getAssociationACL() is new method

Not yet functional.
Do not install the "revise-acl" branch.

See ticket 344.

comment:3 Changed 8 years ago by Jörg Richter

Access Control: generalize API (#344).

"DeepaMehta Object" instead of separate methods for topics and associations.

Not yet functional.
Do not install the "revise-acl" branch.

See ticket 344.

comment:4 Changed 8 years ago by Jörg Richter

Access Control: creator/owner storage (#344,#299).

An object's creator and owner are stored outside the graph.

Core Service API:

  • String getCreator(long objectId) is new method
  • void setCreator(long objectId, String username) is new method
  • String getOwner(long objectId) is new method
  • void setOwner(long objectId, String username) is new method

Access Control API:

  • login() returns void (a Username topic formerly)
  • getUsername() returns the username, a string (a Username topic formerly)
  • String getCreator(long objectId) replaces Topic getCreator(DeepaMehtaObject object)
  • setCreator(long objectId, String username) replaces setCreator(DeepaMehtaObject object, long usernameId)
  • String getOwner(long objectId) replaces Topic getOwner(DeepaMehtaObject object)
  • setOwner(long objectId, String username) replaces setOwner(DeepaMehtaObject object, long usernameId)
  • joinWorkspace(String username, long workspaceId) replaces joinWorkspace(long usernameId, long workspaceId)

Revised access control storage is functional for the first time.
You must reset the database.

Core fix (#299):
Redeploying the Core while a user is logged in.
The session stores a plain (username) string instead of a topic.

See ticket 344.
Close ticket 299.

comment:5 Changed 8 years ago by Jörg Richter

Access Control: remove topic types (#344).

Topic types removed from the Access Control data model:

  • "Operation" (dm4.accesscontrol.operation)
  • "Allowed" (dm4.accesscontrol.allowed)
  • "Permission" (dm4.accesscontrol.permission)
  • "User Role" (dm4.accesscontrol.user_role)
  • "ACL Entry" (dm4.accesscontrol.acl_entry)
  • "Access Control List Facet" (dm4.accesscontrol.acl_facet)
  • "Creator" (dm4.accesscontrol.creator)
  • "Creator Facet" (dm4.accesscontrol.creator_facet)
  • "Owner" (dm4.accesscontrol.owner)
  • "Owner Facet" (dm4.accesscontrol.owner_facet)

COMPATIBILITY NOTE:
For production installations, a migration must be applied that transforms existing access control information to the new format.

Furthermore:

  • Besides the Creator the Owner is set for every object.
  • The Facets service is no longer consumed by the Access Control plugin.

See ticket 344.

comment:10 Changed 8 years ago by jri

  • Status changed from new to closed
  • Resolution set to fixed